Re: [tor-relays] AWS abuse handling

2016-07-27 Thread Toralf Förster
On 07/27/2016 08:24 PM, Snehan Kekre wrote: > (/capped/ at 15GB/month of traffic each way). seems to be just 5 KB/sec, or ? -- Toralf PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7

Re: [tor-relays] AWS abuse handling

2016-07-27 Thread Toralf Förster
On 07/27/2016 08:42 PM, Snehan Kekre wrote: > I've set RelayBandwidthRate to 300 KB and RelayBandwidthBurst to > 400 KB. It hibernates after it's exhausted the cap. 300 KB == 5,000 sec till exhaustion, == 1,5 hour -- Toralf PGP: C4EACDDE 0076E94E

Re: [tor-relays] Don't use Google's DNS server

2016-07-28 Thread Toralf Förster
On 07/28/2016 07:50 PM, nusenu wrote: > If you run an exit and find your relay fingerprint next to a Google AS If only a subset from the whole list is meant it would be helpful to provide an appropriate subset of that file for the purpose of this em

Re: [tor-relays] Got a visit from the police this morning..

2016-07-31 Thread Toralf Förster
Well, maybe OT but nevertheless: The tor exit notice can be improved. I derived a good example from the WIKI and adapted it just a little bit for Germany: http://5.9.158.75/ And a second thing: If you close port 465, then you should close 587 as w

Re: [tor-relays] is explicit DirPort needed anymore under Tor 0.2.8.6?

2016-08-02 Thread Toralf Förster
On 08/03/2016 02:13 AM, Green Dream wrote: > With this new behavior, is there any reason to keep an open DirPort on > our relays? Yes, it is a convenient way to tell others to fetch a HTML document from the Tor exit ip address (eg in http://5.9.158.

[tor-relays] How to exclude a CDN ?

2016-08-09 Thread Toralf Förster
Got few times an informal report containing something like: It is most likely the attack traffic is directed at one of the following endpoints: account.sonyentertainmentnetwork.com auth.np.ac.playstation.net auth.a

Re: [tor-relays] How to exclude a CDN ?

2016-08-13 Thread Toralf Förster
On 08/13/2016 09:10 AM, yl wrote: > Let them block your exit, if they are consequent and block all tor > they get what they want. I guess. Yes, give that answer 2 times to the origin of the abuse letter ... -- Toralf PGP: C4EACDDE 0076E94E, OTR:

[tor-relays] issues with a fresh new tor server

2016-08-21 Thread Toralf Förster
Hi, I made the following steps to have /var/lib/tor encrypted under an ext4fs under a stable Gentoo Linux: at a local system: head -c 16 /dev/random | xxd -p > ~/tmp-salt.txt; echo 0x`cat ~/tmp-salt.txt` > ~/.cryptoSalt; rm ~/tmp-salt.txt

Re: [tor-relays] issues with a fresh new tor server

2016-08-21 Thread Toralf Förster
On 08/21/2016 03:23 PM, Tom van der Woerdt wrote: > what it fails on with strace? Is tor actually running as the 'tor' user? > Do you have any special security configuration like sandboxing set up? > > Tom Well, whilst disabling the SandBox at least

Re: [tor-relays] issues with a fresh new tor server

2016-08-21 Thread Toralf Förster
On 08/21/2016 03:23 PM, Tom van der Woerdt wrote: > Did this work prior to adding encryption, or could that be a red > herring? It was the attempt to encrypt the Tor directory using the ext4 method - GRSecurity is fine (works since 2 years like a

Re: [tor-relays] issues with a fresh new tor server

2016-08-21 Thread Toralf Förster
On 08/21/2016 06:35 PM, Tom van der Woerdt wrote: > Side-note wrt your setup : > > You're storing the keys on the disk, and while they're removed > immediately after, that potentially leaves them on the physical storage. > Since you're already passi

Re: [tor-relays] relay on a vps not exclusively used for tor?

2016-08-21 Thread Toralf Förster
On 08/21/2016 09:33 PM, Petrusko wrote: > CPU is not used 100% all the time, so there is Boinc running behind to > help worldcommunitygrid.org against cancer, ebola, zika... There was an unclear situation related to BOINC at my former exit relay [1]

Re: [tor-relays] relay on a vps not exclusively used for tor?

2016-08-22 Thread Toralf Förster
On 08/21/2016 10:28 PM, Petrusko wrote: > Thx for sharing this kernel option, and this experience. Under Gentoo Linux it is very easy to have GRSecurity. I do use it both on my desktop and my server w/o bigger problems. > But if I understand well,

Re: [tor-relays] interesting network sockets pattern

2016-08-26 Thread Toralf Förster
On 08/25/2016 07:02 PM, Toralf Förster wrote: > This is a fresh new Tor exit, setup 4 days ago, > https://atlas.torproject.org/#details/BE2FA9FCB6242567B93ED99FEC5543FC517C9276 > , where I do wonder how to interpret the attached screen s

Re: [tor-relays] interesting network sockets pattern

2016-08-27 Thread Toralf Förster
On 08/27/2016 10:36 AM, dawuud wrote: > what is the pattern you are referring to? The up and down of about 2,500 socks within a short time period -- Toralf PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7

Re: [tor-relays] interesting network sockets pattern

2016-08-27 Thread Toralf Förster
On 08/27/2016 12:47 PM, dawuud wrote: > i wonder if you've got lots of sockets in time-wait, The blue line in the graph are already tcp-tw. -- Toralf PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7

Re: [tor-relays] interesting network sockets pattern

2016-08-27 Thread Toralf Förster
On 08/27/2016 12:47 PM, dawuud wrote: > does this same graph display differently for different periods of time or on > a larger time scale? > did this recently start happening? This is a new system re-using the same IP of the old exit relay where

Re: [tor-relays] interesting network sockets pattern

2016-08-27 Thread Toralf Förster
On 08/27/2016 08:59 PM, Jivan Amara wrote: > I suspect this is due to a circuit built with a node that has lower > max bandwidth settings than yours. The regular bandwidth cap holds > traffic back for a time, then the burst bandwidth cap lets some >

Re: [tor-relays] Closing a relay, to move/upgrade, identity question ?

2016-08-29 Thread Toralf Förster
On 08/29/2016 01:48 PM, Petrusko wrote: > If I'm paranoiac, and if this current relay has been corrupted, I think > it's better to start a clean identity without the old keys ? That was the reason for me to start with new keys (and an encrypted FS) w

[tor-relays] block input hammering from the same ip source address

2016-08-29 Thread Toralf Förster
These are iptables rules (ipv4) for my exit relay: IPT="/sbin/iptables" # Tor # $IPT -A INPUT -p tcp --destination-port 80 --match conntrack --ctstate NEW --match connlimit --connlimit-above 2 --connlimit-mask 32 -j DROP $IPT -A INPUT -

[tor-relays] new warn message: Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS.

2016-10-06 Thread Toralf Förster
Today I got this for the first time since I run exits: Oct 06 08:23:03.000 [warn] Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS. Something I should worry about ? -- Toralf PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7

Re: [tor-relays] new warn message: Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS.

2016-10-07 Thread Toralf Förster
On 10/06/2016 06:29 PM, Logforme wrote: > Maybe they are new in 0.2.8.8? nope, from "git blame" the appropriate line is part of git commit 339df5df and that commit is already part of tor-0.2.4.11-alpha : commit 339df5df085e2115c01881cf628abe5ed3fbd

Re: [tor-relays] new warn message: Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS.

2016-10-07 Thread Toralf Förster
On 10/07/2016 05:55 PM, Ivan Markin wrote: > I'm unable to find change to this line in > 339df5df085e2115c01881cf628abe5ed3fbd456. Right, it is commit 259c65ab08a4a88e310097cd5df155d62ea22447 Author: Roger Dingledine Date: Mon Feb 13 10:33:00 2006

[tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Toralf Förster
Reading [1] I do wonder about that. Why do Tor exit relay operators avoid installing a local resolver - or at least simple a cache as shown in [2] ? Adding different nameserver= lines to /etc/resolv.conf than 8.8.8.8 shouldn't be a big thing, or ?

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-17 Thread Toralf Förster
On 10/17/2016 04:37 AM, Jesse V wrote: > Consequently, I have to keep an eye on /etc/resolv.conf to ensure > that it always points to my Unbound instance. I take immediate > action if this is not the case. Shouldn't /etc/resolv.conf.{head,tail} autom

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-17 Thread Toralf Förster
On 10/17/2016 07:00 PM, pa011 wrote: > What servers do I put in /etc/dnsmasq.conf to get this solved best? Currently I do just use nameservers from my ISP (Hetzner) : mr-fox ~ # grep ^server /etc/dnsmasq.conf server=2a01:4f8:0:a0a1::add:1010 server=

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-18 Thread Toralf Förster
On 10/17/2016 07:40 PM, Toralf Förster wrote: > but from the mentioned PDF I got the impression to just use the ISP > nameservers + a local cache - which I'm trying now. Which was not the best idea: $ dig www.heise.de +trace ; <<

Re: [tor-relays] Research project - comparing abuse complaints on Tor exits to those of regular ISPs

2016-10-24 Thread Toralf Förster
On 10/24/2016 05:08 PM, Robin Kjeld wrote: > So, I changed SSH to be Rejected. And it's been working fine since then. So, > it's basically the ReducedExitPolicy but without SSH. > /Robin I kicked off telnet and whois (and ftp a long time ago) too f

Re: [tor-relays] cryptsetup some folders

2016-10-24 Thread Toralf Förster
On 10/24/2016 09:53 AM, Petrusko wrote: > Any suggestions and master's thoughts are welcome :) I played few weeks ago with folder based encryption at an EXT4FS, but gave up - it won't work reliable here (hardened stable Gentoo Linux). But maybe with

Re: [tor-relays] cryptsetup some folders

2016-10-25 Thread Toralf Förster
On 10/25/2016 12:03 PM, Duncan Guthrie wrote: > > Having it encrypted also makes remote management an absolute pain. Depends on - an encrypted ext4fs needs just to be decrypted after boot as I tried in [1]. And the use case is to avoid that the pr

Re: [tor-relays] proper way to insert PGP key in torrc?

2016-11-03 Thread Toralf Förster
On 11/03/2016 11:27 AM, Marco Predicatori wrote: > Marco - -- > https://atlas.torproject.org/#details/A1D5528320F51B910C996CE9988FAFAF4780044F > Advertised Bandwidth 76.8 KB/s Not too much fun with such a lame relay I fear -- Toralf Förster PGP: C4EACDDE 0076E94E sign

Re: [tor-relays] DoS from my tor guard VPS

2016-11-15 Thread Toralf Förster
On 11/15/2016 09:41 PM, Arisbe wrote: > Several weeks ago I was notified that my VPS was a source of UDP > DoS traffic. ? Tor is only TCP, not UDP. -- Toralf PGP: C4EACDDE 0076E94E

[tor-relays] new (?) : Average packaged cell fullness: 96.772%. TLS write overhead: 96%

2016-11-27 Thread Toralf Förster
I do wonder about a log message which seems not to appear before : ==> /tmp/notice.log <== Nov 26 20:10:45.000 [notice] Performing bandwidth self-test...done. Nov 26 20:19:44.000 [notice] New control connection opened from 127.0.0.1. Nov 26 20:31:13

Re: [tor-relays] new (?) : Average packaged cell fullness: 96.772%. TLS write overhead: 96%

2016-11-27 Thread Toralf Förster
On 11/27/2016 10:16 AM, teor wrote: > Perhaps your relay sent a lot of very small packets? > (Interactive protocols like chat and SSH could be responsible.) Hhm, it is a very fresh exit (setup yesterday evening) - so that might be the reason. (My

Re: [tor-relays] how many tor relay could run on a single machine/IP?

2016-12-02 Thread Toralf Förster
On 12/02/2016 10:07 AM, Fabio Pietrosanti (naif) - lists wrote: > I'm trying to stress some very small dedicated server with ViaNano > and Atoms and would like to try out multiple Tor relay with AES hw > acceleration to see the limits AFAIC there's

[tor-relays] Does the "Advertised bandwidth" correlates with the "Consensus Weight"

2016-12-12 Thread Toralf Förster
I do wonder if the measurement of the former is somehow affected by the latter ? -- Toralf PGP: C4EACDDE 0076E94E

Re: [tor-relays] Does the "Advertised bandwidth" correlates with the "Consensus Weight"

2016-12-13 Thread Toralf Förster
On 12/12/2016 10:05 PM, teor wrote: > h, which is one of the factors that feeds into the measured > bandwidth. > > Part of the calculation process for the consensus weight makes > sure that this feedback converges, rather than diverging. Ah thx, sm

Re: [tor-relays] "Graceful" Restart of Tor-Relay ?

2016-12-30 Thread Toralf Förster
On 12/30/2016 07:45 PM, Rana wrote: > Can you provide explicit sequence of events/commands Try this : pkill -1 tor -- Toralf PGP: C4EACDDE 0076E94E

Re: [tor-relays] How can we trust the guards?

2017-01-02 Thread Toralf Förster
On 01/02/2017 04:32 PM, Aeris wrote: > Tor node selection for circuits will address this trouble and avoid you to > use > more than 1 of their nodes in the same circuit, preventing any anonymity > problem. *any* sounds a little bit too optimistic

Re: [tor-relays] Speed up of reconnections after IP Address change

2017-01-03 Thread Toralf Förster
On 01/03/2017 05:45 PM, balbea16 wrote: > stops and then restarts the Tor service again wouldn't be a SIGHUP enough ? -- Toralf PGP: C4EACDDE 0076E94E

Re: [tor-relays] Running a relay with low transfer limits

2017-01-04 Thread Toralf Förster
On 01/04/2017 07:54 PM, ike wrote: > say less than 100GB each way per month? $> echo "scale=2.0; 100 * 1024^3 / 31 / 24 / 60 / 60 / 1024" | bc 39.14 So you're asking, if 40 KB/sec would be the better choice ? -- Toralf PGP: C4EACDDE 0076E94E

Re: [tor-relays] Faravahar acting up again / "Bad Gateway" while uploading descriptor

2017-01-05 Thread Toralf Förster
On 01/05/2017 10:40 PM, Sebastian Hahn wrote: > They send notifications within 10 > minutes of the beginning of the hour. So, if the issue happens at the 11th minute - it would appear 1 hour before someone noticed it ? -- Toralf PGP: C4EACDDE 00

Re: [tor-relays] TOR Relay performance issue

2017-01-07 Thread Toralf Förster
On 01/07/2017 08:00 PM, Efthimis Iosifdis wrote: > > You may also have a look at this article if it helps and in case this is > a new Tor Relay node: > > https://blog.torproject.org/blog/lifecycle-of-a-new-relay /me wonders if this link should be

[tor-relays] no ipv6 traffic from/to relays ?

2017-02-04 Thread Toralf Förster
Switching from 0.2.9.9 to 0.3.0.3-alpha now let 1/3 of my outgoing network traffic to exit ports (of my Tor exit relay) being ipv6. OTOH there's more or less no ipv6 traffic from/to other relays. Is this (another ipv6) bug/issue in Tor or just expe

Re: [tor-relays] no ipv6 traffic from/to relays ?

2017-02-05 Thread Toralf Förster
On 02/05/2017 11:43 AM, nusenu wrote: > IPv6 is not used for relay-to-relay traffic (not implemented yet). Ah - thx. -- Toralf PGP: C4EACDDE 0076E94E

Re: [tor-relays] no ipv6 traffic from/to relays ?

2017-02-06 Thread Toralf Förster
On 02/06/2017 09:25 AM, nusenu wrote: > The first release with the fix for [1] was in 0.3.0.3-alpha [2]. > > So if you run an IPv6 exit, upgrading to 0.3.0.3-alpha potentially > increases the tor network's IPv6 exit capacity. yes, I do now have:

[tor-relays] What does this log message mean ? : Starting with guard context "default"

2017-02-08 Thread Toralf Förster
I do wonder about it b/c IMO this message is new - at least for me, or ? -- Toralf PGP: C4EACDDE 0076E94E

Re: [tor-relays] What does this log message mean ? : Starting with guard context "default"

2017-02-08 Thread Toralf Förster
On 02/08/2017 12:19 PM, Pascal Terjan wrote: > > The code seems to have been added 2 months ago, so this is probably > expected to appear after recent updates: > > > https://github.com/torproject/tor/commit/404e9e5611eff39866c2e45133a60b40d7492f7

Re: [tor-relays] new Atlas feature: Not Recommended Tor Version

2017-03-04 Thread Toralf Förster
On 03/02/2017 06:36 PM, nusenu wrote: > I'd like to highlight a new Atlas feature [1]: > > Atlas now displays a red "!" if the relay runs a tor version that is not > recommended by the tor directory authorities. I think I should repeat my IRC quest

Re: [tor-relays] OrNetStats

2017-05-13 Thread Toralf Förster
On 05/10/2017 08:11 PM, nusenu wrote: > Hi, > > if you want to compare your relay(s) with other operators: > > https://nusenu.github.io/OrNetStats/ Cool site - thx ! IMO the column "Exit %" should be aligned wrt to the comma position and maybe t

Re: [tor-relays] OrNetStats

2017-05-13 Thread Toralf Förster
On 05/13/2017 11:08 AM, Toralf Förster wrote: > IMO the column "Exit %" should be aligned wrt to the comma position > and maybe the space between "#Relays" and "First Seen" should be > increased - jus

Re: [tor-relays] torservers.net: some exits became guards? (deanonymization risk)

2017-06-10 Thread Toralf Förster
On 06/08/2017 02:00 PM, Paul Syverson wrote: > It shouldn't be possible to use the relay in both positions > simultaneously. As long as "MyFamily" is correctly set, yes IMO. -- Toralf PGP C4EACDDE 0076E94E

Re: [tor-relays] [warn] channelpadding_ and [warn] assign_

2017-07-03 Thread Toralf Förster
On 07/03/2017 09:58 PM, Felix wrote: > Switching to 3.1.4a might fix it ? Doubt, got it today too (just once till now) at 0.3.1.4-alpha -- Toralf PGP C4EACDDE 0076E94E

[tor-relays] *.old files in ./keys are too new

2017-07-19 Thread Toralf Förster
I do wonder, why the *.old files are newer than their counterparts: -rw--- 1 tor tor 887 Jul 15 21:51 secret_onion_key -rw--- 1 tor tor 96 Jul 15 21:51 secret_onion_key_ntor -rw--- 1 tor tor 96 Jun 17 21:30 secret_onion_key_ntor.

[tor-relays] Tor fuzzying with AFL - issues with virt mem

2017-07-23 Thread Toralf Förster
I do fuzz test the Tor sources with AFL using the script in [1]. Today I was faced with the afl message : - The current memory limit (47.7 TB) is too restrictive, causing the ... Therefore I re-run this: torproject@mr-fox ~ $ cd ~; for i in .

Re: [tor-relays] Tor fuzzying with AFL - issues with virt mem

2017-07-24 Thread Toralf Förster
On 07/23/2017 09:08 PM, Toralf Förster wrote: > I do fuzz test the Tor sources with AFL using the script in [1]. Hhm, the root cause is the configure option "--enable-expensive-hardening". Without that I can continue fuzz testing

Re: [tor-relays] Unable to get Tor exit relay to run - Ubuntu 16.04

2017-07-27 Thread Toralf Förster
Maybe you miss the option : DataDirectory /var/lib/tor/data ? On 07/27/2017 09:53 PM, King Queen wrote: > SOCKSPort 0 RunAsDaemon 1 ORPort 443 Nickname kingqueencock > ContactInfo ROT13 DirPort 80 # > what port to advertise for directory connect

Re: [tor-relays] Unable to get Tor exit relay to run - Ubuntu 16.04

2017-07-27 Thread Toralf Förster
On 07/27/2017 09:53 PM, King Queen wrote: > root@localhost:/var/log/tor# ls -al And something like this helps too : Log info file /tmp/info.log -- Toralf PGP C4EACDDE 0076E94E

[tor-relays] network traffic gap of >=20% between inbount and outbound traffic vanished after 20th of July

2017-07-30 Thread Toralf Förster
I do wonder, what's causing this. As seen in the attachment since the last week incoming load matches outgoing load. In the last 2-3 years I had always up to 20-25% more in- than outgoing traffic w/o any real clue, why. -- Toralf PGP C4EACDD

Re: [tor-relays] network traffic gap of >=20% between inbount and outbound traffic vanished after 20th of July

2017-07-31 Thread Toralf Förster
On 07/31/2017 02:30 AM, teor wrote: > Which relay fingerprint(s)? 1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA > Did you upgrade your Tor version? at 30th of June to 0.3.1.4-alpha > Is your relay a directory mirror or HSDir? HSdir only for a short time

Re: [tor-relays] ORSN DNS servers vs OpenNic

2017-08-04 Thread Toralf Förster
On 08/04/2017 04:11 PM, Chuck McAndrew wrote: > What are the best DNS servers to use for Privacy? I have been using Look into [1] Therefore I decided to use the DNS of my AS. Because AS does already see my IP, there's no need to involve a third pa

[tor-relays] alternating consensus weight

2017-08-09 Thread Toralf Förster
I'm just wondering why that value is flipping 50% up and down within last 2 weeks or so for my relay 1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA ? -- Toralf PGP C4EACDDE 0076E94E

[tor-relays] blocking >1 connections per ip address onto Tor DirPort

2017-08-15 Thread Toralf Förster
I do have the following iptables rule here : # Tor # dirport=80 orport=443 $IPT -A INPUT -p tcp --destination-port $dirport --match conntrack --ctstate NEW --match connlimit --connlimit-above 1 --connlimit-mask 32 -j DROP $IPT -A INPUT

Re: [tor-relays] blocking >1 connections per ip address onto Tor DirPort

2017-08-15 Thread Toralf Förster
On 08/15/2017 10:57 PM, Nagaev Boris wrote: > Hey > > I am just curious: why is it needed to block >1 connections per ip > address onto Tor DirPort? Tor serves the "DirPortFrontPage /etc/tor/tor-exit-notice_DE.html" at that port and I'd like to av

Re: [tor-relays] blocking >1 connections per ip address onto Tor DirPort

2017-08-15 Thread Toralf Förster
On 08/15/2017 11:37 PM, tor wrote: > > Tor also provides the directory service on the same port (unless you > have it disabled). How do you know limiting the connections doesn't > impact the directory service? > Does a particular Tor server/client

Re: [tor-relays] blocking >1 connections per ip address onto Tor DirPort

2017-08-16 Thread Toralf Förster
On 08/16/2017 12:22 AM, Roger Dingledine wrote: > On Tue, Aug 15, 2017 at 11:52:31PM +0200, Toralf Förster wrote: >> Does a particular Tor server/client will open more than 1 >> connection at a time from to the DirPort ? > >

Re: [tor-relays] bwauth in testing

2017-08-16 Thread Toralf Förster
On 08/14/2017 11:22 PM, Tom Ritter wrote: > But I wanted to announce it here, both to give an update, and let the > community take a look at its output and see if anything looks fishy. Since few hours the BW is dropped or my exit relay from about 90

Re: [tor-relays] bwauth in testing

2017-08-16 Thread Toralf Förster
On 08/16/2017 10:06 PM, Tom Ritter wrote: > That is because gabelmoo's bwauth dropped off. Now there are only 3 > bwauths in the system, and your relay was not measured by one of them > (faravahar). With only 2 measurements, you get kicked down to th

Re: [tor-relays] Relay uptime versus outdated Tor version

2017-08-17 Thread Toralf Förster
On 08/17/2017 04:24 PM, Chuck McAndrew wrote: > Uptime used to be something to brag about. Now it just means you aren't > regularly updating. +1 I do usually follow the vanilla stable kernel - meaning my uptime isn't bigger than 2 weeks since that.

[tor-relays] outdated key files in ./keys ?

2017-08-18 Thread Toralf Förster
I do wonder if I do still need all of these files at my exit relay with version 0.3.1.5-alpha ? $> ls keys/ ed25519_master_id_public_key ed25519_signing_secr

Re: [tor-relays] Fwd: Your TOR [sic] node

2017-09-09 Thread Toralf Förster
On 09/09/2017 03:52 AM, Matt Traudt wrote: > I just got this guy's spam too. It doesn't look like anything anyone > said to him last month[0] stuck. Just because never answer to a spam/troll/et al ? :-D -- Toralf PGP C4EACDDE 0076E94E

Re: [tor-relays] Email suggesting to send DNS requests to a specific open DNS

2017-09-12 Thread Toralf Förster
FWIW https://nymity.ch/tor-dns/ -- Toralf PGP C4EACDDE 0076E94E

Re: [tor-relays] Advisory: Stack disclosure in hidden services logs when SafeLogging disabled

2017-09-18 Thread Toralf Förster
On 09/18/2017 03:41 PM, Nick Mathewson wrote: > This bug can only happen when the SafeLogging option is disabled, > and SafeLogging is enabled by default. If you have not disabled > SafeLogging, then you should be fine. Which should not hinde

[tor-relays] bwauths doesn't reach reliable my relay

2017-09-27 Thread Toralf Förster
I do wonder why both longclaw and Faravahar seems since few days not to reach my relays 1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA and 6EABEBF38CE7E3DF672C4DB01383606FE3EB2215 respectively - resulting in a bw value of 20. B/c I switched to version

Re: [tor-relays] bwauths doesn't reach reliable my relay

2017-09-29 Thread Toralf Förster
On 09/29/2017 01:59 AM, teor wrote: > Do you have errors in your log no, except 1 or 2 few http errors for Faravahar that a consensus upload failed or so. In the mean while I got a reasonable bw back. But b/c there were 3 "outages" within a week for

Re: [tor-relays] bwauths doesn't reach reliable my relay

2017-09-30 Thread Toralf Förster

Re: [tor-relays] bwauths doesn't reach reliable my relay

2017-09-30 Thread Toralf Förster
On 09/29/2017 06:02 PM, Toralf Förster wrote: > In the mean while I got a reasonable bw back. And again, one relay is at bw=20 (from about 60,000) whereas the other (same hardware, just different ip and port) has bw=3000. Both have nea

Re: [tor-relays] bwauths doesn't reach reliable my relay

2017-09-30 Thread Toralf Förster
On 09/30/2017 06:59 PM, dawuud wrote: > > btw you just wrote sent an encrypted message to a public mailing > list. i don't see the point in doing this, maybe is was an > accident? > > On Sat, Sep 30, 2017 at 02:47:35PM +020

Re: [tor-relays] Blocking outbound 22 or no?

2017-10-05 Thread Toralf Förster
On 10/05/2017 08:55 PM, tor-relay.d...@o.banes.ch wrote: > In the end we disabled port 22. After all - any sysadmin who wants > to have peace and ever looked a ssh config will have its listen > port somewhere else than 22. +1 disabled exit port 22 he

Re: [tor-relays] dnsmasq configuration for an exit relay (Debian)

2017-10-07 Thread Toralf Förster
On 10/07/2017 07:39 PM, jpmvtd...@laposte.net wrote: > 5) Reboot (is it necessary ?). No, not at all. Just restart/reload dnsmasq if you change its config. -- Toralf PGP C4EACDDE 0076E94E

[tor-relays] spurios warning about using the nickname instead of the key

2017-10-07 Thread Toralf Förster
I'm wondering why I suddenly got at both of my 2 Tor exit relays (0.3.2.2.-alpha, running at the same machine) the following message: /tmp/notice2.log:Oct 07 22:41:58.000 [warn] You specified a relay "zwiebeltoralf2" by name, but nicknames

Re: [tor-relays] dnsmasq configuration for an exit relay (Debian)

2017-10-08 Thread Toralf Förster
On 10/08/2017 05:41 AM, Igor Mitrofanov wrote: > Here's what I personally recommend: > # DNS servers > > no-resolv > > no-poll > > no-hosts > > server=8.8.4.4 > > server=8.26.56.26 > > server=74.82.42.42 > > server=64.6.64.6 > > server=8.8.8.

Re: [tor-relays] dnsmasq configuration for an exit relay (Debian)

2017-10-08 Thread Toralf Förster
On 10/08/2017 09:17 AM, Ralph Seichter wrote: > Unless you have a particular reason to use "dnsmasq", I strongly suggest > you use "unbound" (https://www.unbound.net) instead. May I asked, why you prefer unbound ? AFAIK there's pdns-recursor which s

Re: [tor-relays] dnsmasq configuration for an exit relay (Debian)

2017-10-08 Thread Toralf Förster
On 10/08/2017 06:34 PM, Igor Mitrofanov wrote: > With a large-enough cache and sufficient uptime dnsmasq effectively > becomes a mini-DNS server that stores IP addresses for the vast > majority of sites that Tor users ever visit. NAK, just 10,000 a

Re: [tor-relays] dnsmasq configuration for an exit relay (Debian)

2017-10-08 Thread Toralf Förster
On 10/08/2017 07:03 PM, Igor Mitrofanov wrote: > Toralf, thanks for the data. Has that 10% stabilized, or is it still > growing for your node? No, it is rather decreasing over time. I'm just too lazy till now to switch to another DNS cache, which ha

Re: [tor-relays] spurious warning about using the nickname instead of the key

2017-10-12 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 10/11/2017 10:08 AM, Dylan Issa wrote: > Did you set MyFamily using nicknames of the key? > Because if nickname, change it to key is basically what it’s saying. No, both Tor processes share this common config file: grep -i famil /etc/tor/torr

Re: [tor-relays] spurious warning about using the nickname instead of the key

2017-10-12 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 10/12/2017 08:43 PM, Scott Bennett wrote: > Doesn't each fingerprint need to start with a $ character? Otherwise > it's just a really long nickname, right? That entry worked fine for eons and is realized fine, eg.: https://atlas.torproject

[tor-relays] hi-jacking an onion address

2017-10-14 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I do wonder how Tor handles the case that a malicious Tor relay provides the same onion address as another Tor relay ? - -- Toralf PGP C4EACDDE 0076E94E -BEGIN PGP SIGNATURE- iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWeG9sRccdG9yYWxmLmZ

Re: [tor-relays] hi-jacking an onion address

2017-10-14 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 10/14/2017 09:41 AM, Jacki M wrote: > Look at the Tor Rendezvous Specification rend-spec-v3.txt > , the > onion addresses that a user enters are self-authenticating, because the > oni

Re: [tor-relays] hi-jacking an onion address

2017-10-14 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 10/14/2017 09:58 AM, Jacki M wrote: > tor will guarantee that you’re visiting the correct website/onion > and not allow any man in the middle attacks to occur, Thx for clarification. /me is reading the spec in the meanwhile - -- Toralf PGP C4E

Re: [tor-relays] AccountingMax 48 GBytes is not working

2017-10-16 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 10/16/2017 09:52 PM, Artur Pędziwilk wrote: > ServerTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy managed > May I ask why you enable obfs4 at an (at atlas & friends) visible relay ? - -- Toralf PGP C4EACDDE 0076E94E -BEGIN PGP SI

[tor-relays] sum of consensus weight of 2 relays running at the same IP

2017-10-29 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I assumed that 2 Tor at the same ip address would get half of the consensus of the previously running only one Tor relay at the same hardware. But it seems that both Tor relays get now the same value as the one before. Is this intended ? - -- T

Re: [tor-relays] sum of consensus weight of 2 relays running at the same IP

2017-10-29 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 10/29/2017 01:24 PM, teor wrote: > Possibly. > > Are the relays CPU-limited, or bandwidth-limited? Not at all, neither limited by a config value nor by the hardware (1GBit/s, 200 MBit/s guaranteed, i7-3930, all non-Tor processes have "nice" in

Re: [tor-relays] Testers needed for Nyx beta release

2017-10-30 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 10/30/2017 08:35 PM, Damian Johnson wrote: > Would relay operators mind giving Nyx a whirl? To give it a try > simply ensure you have a control port available in your torrc... > > ControlPort 9051 > CookieAuthentication 1 > > ... and run the

Re: [tor-relays] Testers needed for Nyx beta release

2017-10-30 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 10/30/2017 09:27 PM, Damian Johnson wrote: > Thanks Toralf! What python version are you using? Sqlite3 should be > built in nowadays... Oh, this is Gentoo Linux, so sqlite3 isn't built per default, only if I explicitly want it by using USE= fl

Re: [tor-relays] Testers needed for Nyx beta release

2017-10-30 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 10/30/2017 09:35 PM, Damian Johnson wrote: > Ahhh, gotcha. Please let me know when you find the magic ingredient > for sqlite3 on Gentoo and I'll add better messaging for it. Oh, the message should be simply something like "You must emerge dev-lan

Re: [tor-relays] Testers needed for Nyx beta release

2017-10-30 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 10/30/2017 08:35 PM, Damian Johnson wrote: > Our ducks should finally be in a row for release, but this being > a full rewrite I'd like to start with an open beta to work out > anything I might have missed. > The # of digits after the comma might

Re: [tor-relays] Testers needed for Nyx beta release

2017-11-04 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 11/04/2017 03:16 AM, Damian Johnson wrote: > If > I missed anything then please let me know. Otherwise I'll move forward > with announcing our long belated release this weekend. > > Cheers! -Damian Hi, just a minor thing: "Menu" -> "Exit" works

[tor-relays] handling of MyFamily for an outdated relay

2017-11-04 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Looking at his : I do wonder how to deal with deleting all /var/lib/tor/data2/* files of a Tor relay and running a new one with the same config (but now different key/fingerprint). I added the new fingerprint to the config, which now has 3 entri

Re: [tor-relays] handling of MyFamily for an outdated relay

2017-11-04 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 11/04/2017 05:53 PM, nusenu wrote: > MyFamily requires mutual configuration. So if you have 3 relays you have to > change 3 torrc files nope, I included that part of the config, so just 1 file to edit ;) > The question is probably: Why are you
